Build a Better Data and Recovery Backup Plan: The First Five Steps
A bulletproof backup strategy isn’t rocket science—although it may seem that way. When you break it down into these five essential parts, developing your plan suddenly seems more doable.
Amid the many responsibilities and creative challenges of data management, you’ve got some perils to consider. Hopefully, you’ll never have to cope with a hacker attack or theft, or a natural disaster. Still, you’d be wise to build a plan on the assumption that these threats are almost a given. And you know what? With a great strategy in place, you won’t have to dwell on the negatives for long. Here’s one approach to getting it done:
1. Tap the powers of accountability. Designate a person or team to be accountable, responsible and authorized to manage data security. Even if this falls under the specific domain of specialists, they must work in tandem with those who control security for the organization’s entire technological infrastructure. It will take a few meetings and more than one org chart to integrate data backup security into the grander scheme of your information security architecture. But the upshot is that everyone will feel more secure.
2. Adopt a “No door left unlocked” risk analysis. Assess any and all breaches in data security. Perform a risk analysis of your data backup process from start to finish; scout out vulnerabilities ranging from the mundane (“Do all of our office doors have appropriate locks?”) to the complex (“Is there a tight, end-to-end chain of custody for our tape backups?”).
The best-laid data backup and recovery plan identifies the most sensitive information, where it resides and how much it may need to travel. If a risk analysis reveals that your information (e.g., tapes) is vulnerable as it moves from one location to another, then encrypting that data may be worth the cost. If you do a cost-benefit analysis of this process, make sure to factor in some of the frequently unanticipated expenses encryption can incur, including the time and labor involved. After doing so, you may find that a targeted encryption scheme trumps a blanket plan and is more cost-effective.
3. Incorporate a portable, location-agnostic security strategy. Ensure that your plan protects your information regardless of where it’s residing. You’ll get down to nuts and bolts during this multi-part step:
- Work out a multilayered security plan that embraces authentication, authorization, encryption (as described above) and auditing.
- Implement a tight end-to-end chain of custody process for all data backup media. Track removable media by bar codes with attendant reports. Outline a retention schedule that specifies an appropriate timeline for data, including its destruction. A well-constructed chain of custody extends beyond your office to include, if applicable, your offsite storage partner(s).
- Is tape your primary removable media format? If so, copy your tapes and store them offsite. Doing this provides a valuable hedge against decay or destruction.
- Consider going digital or cloud where appropriate; avoid transporting physical copies of information. You can back up encrypted data quickly and inexpensively via the Internet to an offsite location.
4. Tell them about it. How many of your co-workers fail to even password-protect their office-issued smartphone? Though information security is your primary concern, rank-and-file workers—and yes, even some executives—may need a little primer. Communicate the safeguards you’re taking throughout your workplace, and make sure that those responsible for specific procedures within your plan are properly trained from day one. Implement training for the staff, and emphasize the need for a zero-tolerance policy regarding the careless handling of vital business information.
What’s more, every manager in charge of a budget should be apprised of your plan’s valuable contribution to his or her bottom line. Why? Because data loss or theft is a business issue, not an IT issue. Make sure those at the top understand and agree.
5. Schedule a plan of attack (perhaps literally). Once you’ve developed, documented and communicated a plan, start testing it—and make sure to include both data backup and recovery in this evaluation. You may even want to attack the system, introducing threats and glitches to measure and refine recovery times. Involve co-workers, regardless of rank, who’ll be using your plan daily. In doing so, you may find you need more user education or documentation.
None of these steps by itself is too tough to tackle, especially when you’ve built a reliable team composed of colleagues and perhaps a trusted vendor that understands the critical importance of dealing with data security challenges.
Iron Mountain Suggests:
Sharing Your Reality with a Partner
What are the benefits of teaming up with a trusted information management partner on your data backup and recovery plan? Well, for starters, you’ll enjoy optimal visibility and control of your offsite data. Also consider the following as you explore taking your data backup and recovery reality show on the road:
- Look for a firm with an extensive geographic footprint that follows a uniform service delivery model. These attributes ensure consistent service for all your business locations.
- Your offsite media will be housed in a secure, protected storage facility. What’s more, its handling, transport and storage will adhere to manufacturers’ recommendations.
- A partner can help store your data backup and recovery plan, ensure access to that plan, and help activate it when unexpected downtime occurs.
- Working with an expert partner means you’ll spend less time defending your data backup and recovery procedures to internal or external auditors.